| |
| |||||||
Log-Analyse und Auswertung: Bundeskriminalamt VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.08.2011, 13:13
| #1 |
 |  Bundeskriminalamt Virus Guten Tag, habe mir heute den hier wohl schon bekannten Virus eingefangen, der einen in lächerlicher Weise auffordert, 100€ an das BKA zu zahlen. Nachdem eine Systemwiederherstellung immer fehlgeschlagen ist, habe ich bevor der Virus ausgeführt wurde beim Systemstart es geschafft den Taskmanager zu öffnen, und eine Anwendung zu schließen(weiß leider nichtmehr wie die hieß, beginn mit q und waren zusammenhangslose Buchstaben). Habe dann in der Registry den Eintrag von der schädlichen Datei(jaschla.exe) wieder auf explorer.exe geändert. Die besagte Datei habe ich dann auch gelöscht. Dann habe ich neugestartet, und kam wieder ganz normal rein. Daraufhin habe ich Avast Antivir durchlaufen lassen, das hatte zwei Befunde, welche ich in Quarantäne versetzt habe. 1. Befund: A0164261.exe, Status:Bedrohung:Win32:Sinowal-IN[Trj] 2. Befund: A0164262.exe Status:Bedrohung:Win32:Sinowal-IN[Trj] . Daraufhin habe ich mit Malwarebyes einen Scan durchführen lassen, dort gab es auch vier Befunde, welche ich habe entfernen lassen. Log: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7392 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 06.08.2011 13:55:42 mbam-log-2011-08-06 (13-55-33).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 159119 Laufzeit: 3 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\dokumente und einstellungen\keeth\lokale einstellungen\temp\b8.tmp (Spyware.Passwords.XGen) -> No action taken. c:\dokumente und einstellungen\keeth\lokale einstellungen\temp\bc.tmp (Spyware.Passwords.XGen) -> No action taken. c:\windows\temp\bb.tmp (Spyware.Passwords.XGen) -> No action taken. . So, dann habe ich noch OTL durchlaufen lassen, Log1:OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.08.2011 14:04:53 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = E:\Programme\Downloads\Rezepte Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 76,04% Memory free 4,09 Gb Paging File | 3,46 Gb Available in Paging File | 84,65% Paging File free Paging file location(s): C:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,33 Gb Total Space | 3,84 Gb Free Space | 11,18% Space Free | Partition Type: NTFS Drive E: | 664,30 Gb Total Space | 350,67 Gb Free Space | 52,79% Space Free | Partition Type: NTFS Computer Name: MAXGA | User Name: Keeth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\Programme\Downloads\Rezepte\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - E:\Programme\Downloads\Rezepte\OTL.exe (OldTimer Tools) MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (PinnacleUpdateSvc) -- C:\Programme\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC) SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (SwitchBoard) -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (afcdpsrv) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies) SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (MotioninJoyXFilter) -- C:\WINDOWS\system32\drivers\MijXfilt.sys (MotioninJoy) DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ESLvnic1) -- C:\WINDOWS\system32\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis) DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys (Acronis) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys () DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.) DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (FreeBT) -- C:\WINDOWS\system32\drivers\fbtusb.sys (FreeBT (www.freebt.net)) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (PPortJoystick) -- C:\WINDOWS\system32\drivers\PPortJoy.sys (Deon van der Westhuysen) DRV - (PPJoyBus) -- C:\WINDOWS\system32\drivers\PPJoyBus.sys (Deon van der Westhuysen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {3335F91D-2AEF-4097-B831-C96C60349822}:1.4.3 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: support@burn4free-toolbar.com:1.0 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19 FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.8.1 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2 FF - prefs.js..network.proxy.http: "68.199.83.207" FF - prefs.js..network.proxy.http_port: 7212 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Programme\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.23 05:15:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.23 05:15:10 | 000,000,000 | ---D | M] [2009.06.20 17:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Extensions [2011.08.05 18:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions [2010.12.12 20:45:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.09.30 10:50:22 | 000,000,000 | ---D | M] (Leet Key) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions\{3335F91D-2AEF-4097-B831-C96C60349822} [2010.08.26 22:50:00 | 000,000,000 | ---D | M] (ShowIP) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} [2011.07.11 14:39:04 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2010.08.25 16:11:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.12.24 16:15:26 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions\facepad@lazyrussian.com [2010.01.23 16:57:43 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\extensions\firefox@tvunetworks.com [2011.03.17 07:25:33 | 000,002,396 | ---- | M] () -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Mozilla\Firefox\Profiles\fzh4oluk.default\searchplugins\askcom.xml [2011.08.05 18:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.03 11:51:34 | 000,000,000 | ---D | M] (Burn4Free Toolbar) -- C:\PROGRAMME\BURN4FREE TOOLBAR\V3.3.0.3\FIREFOX [2010.03.25 14:20:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.04.30 14:55:21 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.30 14:55:21 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.04.30 14:55:21 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.30 14:55:21 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.30 14:55:21 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.21 13:28:12 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 217.188.35.145 schuelervz.net O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Programme\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll () O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [DS3 Tool] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save Flash - C:\Programme\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Keeth\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Keeth\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.20 17:30:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\Shell - "" = AutoRun O33 - MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{5d7d5331-2f14-11df-bafe-00241d2db1db}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe O33 - MountPoints2\{b5d3d995-b03b-11de-86da-00241d2db1db}\Shell\AutoRun\command - "" = G:\menu.exe O33 - MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun O33 - MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun O33 - MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun O33 - MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun O33 - MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\Shell - "" = AutoRun O33 - MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{dd77a425-4402-11e0-9a79-00ff01000001}\Shell\AutoRun\command - "" = G:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.06 13:50:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Malwarebytes [2011.08.06 13:50:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.06 13:50:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.08.06 13:50:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.08.06 13:50:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.06 13:50:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.07.08 20:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Keeth\Startmenü\Programme\Steamless Counter Strike Source Pack [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.06 14:05:39 | 000,445,652 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.08.06 14:05:39 | 000,429,440 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.08.06 14:05:39 | 000,079,104 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.08.06 14:05:39 | 000,066,390 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.06 13:57:47 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.08.06 13:57:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.06 13:56:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat [2011.08.06 13:53:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.06 13:50:35 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.06 12:06:43 | 000,041,284 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2011.08.06 10:37:51 | 000,119,296 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll [2011.08.05 17:45:23 | 000,011,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\TP.rtf [2011.08.04 21:24:06 | 000,000,453 | ---- | M] () -- C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\bbt.rtf [2011.07.26 21:07:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.07.26 18:45:40 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.07.24 18:56:08 | 000,000,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\deckideen.rtf [2011.07.17 21:39:24 | 000,000,171 | ---- | M] () -- C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\tierarzt adresse.rtf [2011.07.16 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MAXGA-Keeth.job [2011.07.15 16:03:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.07.13 21:46:21 | 003,515,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.07.13 20:08:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.07.08 21:54:42 | 000,001,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Counter-Strike Source.lnk [2011.07.08 20:08:00 | 000,000,731 | ---- | M] () -- C:\Dokumente und Einstellungen\Keeth\Desktop\SteamLess Counter Strike Source.lnk [2011.07.08 17:19:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.07.08 00:40:52 | 000,222,816 | ---- | M] () -- C:\WINDOWS\War3Unin.dat [2011.07.07 23:57:25 | 000,000,196 | ---- | M] () -- C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\Conan-Serien.rtf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.06 13:50:35 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.24 18:56:08 | 000,000,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\deckideen.rtf [2011.07.17 20:46:26 | 000,000,171 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Eigene Dateien\tierarzt adresse.rtf [2011.07.08 20:08:00 | 000,000,731 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Desktop\SteamLess Counter Strike Source.lnk [2011.07.08 17:19:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.05.29 23:58:06 | 000,001,554 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2011.05.05 18:18:16 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2011.05.05 18:18:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll [2011.05.05 18:18:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll [2011.02.04 19:43:08 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Adobe BMP Format CS5 Prefs [2011.02.04 19:13:57 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Adobe PNG Format CS5 Prefs [2010.11.26 12:58:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.11.23 23:14:51 | 000,068,640 | ---- | C] () -- C:\WINDOWS\unTMV.exe [2010.11.16 21:06:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.01 18:23:07 | 000,000,006 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Anwendungsdaten\Wheeliesettings.ini [2010.09.09 21:05:33 | 000,000,421 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2010.09.04 17:01:54 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2010.07.15 11:26:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat [2010.07.06 11:39:06 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini [2010.06.23 15:17:49 | 000,041,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.06.17 20:16:17 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll [2010.06.17 20:16:17 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.06.17 20:16:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.06.05 03:38:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010.04.02 01:52:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat [2010.02.11 18:58:43 | 000,000,075 | ---- | C] () -- C:\WINDOWS\muserr.ini [2009.12.03 19:51:25 | 000,002,058 | ---- | C] () -- C:\WINDOWS\musi.ini [2009.11.08 23:06:02 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.11.05 20:25:44 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2009.11.05 20:25:44 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2009.11.05 20:25:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2009.11.05 20:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2009.11.05 20:14:35 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009.11.05 20:14:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.11.03 20:44:49 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.10.27 17:34:28 | 000,034,205 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat [2009.10.21 17:49:40 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009.10.21 17:49:40 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009.10.21 17:49:40 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.09.28 19:35:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.09.01 17:33:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.08.29 22:34:09 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe [2009.07.23 16:52:41 | 000,065,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Keeth\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.11 16:50:40 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.07.11 16:50:40 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.07.02 21:18:43 | 000,222,816 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2009.06.20 18:19:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.06.20 18:18:12 | 003,515,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.06.20 18:11:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009.06.20 17:59:12 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009.06.20 17:53:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.06.20 17:31:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.06.20 17:28:36 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.06.17 15:02:46 | 000,029,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys [2009.05.16 04:54:01 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009.05.16 04:54:01 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009.04.23 21:04:54 | 000,201,875 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009.02.18 19:55:21 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2009.02.03 22:52:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.14 14:00:00 | 000,445,652 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.14 14:00:00 | 000,429,440 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.14 14:00:00 | 000,079,104 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.14 14:00:00 | 000,066,390 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006.12.28 01:02:00 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation @Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6152D44C < End of report > Log2:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.08.2011 14:04:53 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = E:\Programme\Downloads\Rezepte
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 76,04% Memory free
4,09 Gb Paging File | 3,46 Gb Available in Paging File | 84,65% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,33 Gb Total Space | 3,84 Gb Free Space | 11,18% Space Free | Partition Type: NTFS
Drive E: | 664,30 Gb Total Space | 350,67 Gb Free Space | 52,79% Space Free | Partition Type: NTFS
Computer Name: MAXGA | User Name: Keeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Programme\Adobe\Photoshop\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57848:TCP" = 57848:TCP:*:Enabled:Pando Media Booster
"57848:UDP" = 57848:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57848:TCP" = 57848:TCP:*:Enabled:Pando Media Booster
"57848:UDP" = 57848:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6968:TCP" = 6968:TCP:*:Enabled:League of Legends Launcher
"6968:UDP" = 6968:UDP:*:Enabled:League of Legends Launcher
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Keeth\Desktop\Listchecker\pickup.listchecker.exe" = C:\Dokumente und Einstellungen\Keeth\Desktop\Listchecker\pickup.listchecker.exe:*:Enabled:pickup.listchecker -- ()
"C:\gPotato.eu\Allods Online\bin\Launcher.exe" = C:\gPotato.eu\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"C:\gPotato.eu\Allods Online\bin\AOgame.exe" = C:\gPotato.eu\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"C:\Programme\EslWire\wire.exe" = C:\Programme\EslWire\wire.exe:*:Enabled:ESL Wire Client -- (Turtle Entertainment GmbH)
"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"E:\Programme\League of Legends\Air\LolClient.exe" = E:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"E:\Programme\League of Legends\Game\League of Legends.exe" = E:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\Programme\mIRC\mirc.exe" = E:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Padworld Entertainment\World of Padman 1.5\wop.exe" = C:\Programme\Padworld Entertainment\World of Padman 1.5\wop.exe:*:Enabled:wop -- ()
"E:\Programme\TmNationsForever\TmForever.exe" = E:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"E:\Programme\Steam\steamapps\keeth976\counter-strike source\hl2.exe" = E:\Programme\Steam\steamapps\keeth976\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0DA693CA-9AE8-0780-E49C-3D49E099077B}" = Catalyst Control Center Localization All
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10BC9ED1-5D41-54C6-862C-2C00E5C434EF}" = CCC Help Portuguese
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BE326D9-BA06-A574-72AA-C428C6F09549}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4814EB-4453-B4ED-29C9-C7F1AE76152F}" = Catalyst Control Center Core Implementation
"{1FDDECB1-702D-C574-295B-BC9CCE51C795}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{33D322FB-0F56-79B5-13A5-B72C901AB4AB}" = Catalyst Control Center Graphics Light
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{408018E8-85F0-832D-851F-11C31FF939BD}" = ccc-core-static
"{46DCE6DC-6C9B-0E3F-F9F0-662B8BAFDCA5}" = CCC Help English
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B6FCEC-7146-17FC-6877-18DAE0EDF05F}" = Euro-Fahrschule 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62A7970B-2586-D420-AC6D-F8CA0E7B5B81}" = Catalyst Control Center Graphics Full Existing
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{651E63E0-772C-CC4F-2C2E-9AF3114925F0}" = CCC Help Spanish
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6D74E1F4-32D5-44D0-9054-8D57E981F59F}_is1" = Flash Saving Plugin
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{732A305A-88E0-D5ED-EA88-5D9A9B9B8783}" = CCC Help Greek
"{75C659EA-EA00-AC02-9F97-5EFDC53AB699}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777A1FE5-9C56-F3D6-A387-79BBE18030DB}" = CCC Help Hungarian
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A57C8520-5970-3FE0-9BC2-520FB6D447D1}" = Catalyst Control Center HydraVision Full
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ADB458D8-A0E2-FC9E-6271-DD22CA464A6F}" = CCC Help Polish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C388D147-CCBA-411C-B9FC-2CC1B4EFB240}" = Pirates of the Caribbean
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D8318C33-701B-2E7B-AAE7-9DB37D367D65}" = ccc-core-preinstall
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E940C734-8AFB-4F22-F102-A00AC8B3069B}" = CCC Help French
"{EA7CFDF5-3C98-7906-E7F6-9758C1415622}" = Catalyst Control Center Graphics Previews Common
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F3520A32-BC9A-4518-A067-3FCF759DF314}" = Jar2Exe Wizard
"{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.3.0
"{FCD92A32-25B2-D2C1-7B7B-DFA2E78AD3AC}" = Catalyst Control Center Graphics Full New
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"3D-Fahrschule" = 3D-Fahrschule
"4426-4425-6055-8903" = exe4j 4.4.1
"4StoryDE_is1" = 4Story 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AstrumNival Allods" = Allods Online 1.0.05.41
"Auto Movie Creator_is1" = Auto Movie Creator 3.2
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast" = avast! Free Antivirus
"BlueJ_is1" = BlueJ 2.5.3
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"CamStudio" = CamStudio
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CasinoClub" = CasinoClub
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrypTool" = CrypTool 1.4.30
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 7.18
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DotAlicious Gaming Client" = DotAlicious Gaming Client
"Duke Nukem 3D Atomic Edition HRP_is1" = Duke Nukem 3D Atomic Edition HRP v4.0 (321)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ESL Wire_is1" = ESL Wire 1.6.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Garena" = Garena
"GeoGebra" = GeoGebra
"GhostMouse 2.0" = GhostMouse 2.0
"GIF Animator" = Microsoft GIF Animator
"Guild Wars" = GUILD WARS
"GuildWars Visions_is1" = GuildWars Visions v1.08
"Halo" = Microsoft Halo
"Hamachi" = Hamachi 1.0.1.5
"hon" = Heroes of Newerth
"Icy Tower v1.4_is1" = Icy Tower v1.4
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.5.5
"JSmooth 0.9.9-7" = JSmooth 0.9.9-7
"KaloMa_is1" = KaloMa 4.77
"Knights of the Force 2.0" = Knights of the Force 2.0
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"League of Legends_is1" = League of Legends
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Megavideo Video Downloader_is1" = Megavideo Video Downloader 3.18
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"No-IP.com DUC" = No-IP.com DUC (remove only)
"Notepad++" = Notepad++
"Octava SD4" = Octava SD4
"OpenAL" = OpenAL
"Parallel Port Joystick" = Parallel Port Joystick
"PDF Editor 2" = PDF Editor 2
"Ruby-186-27" = Ruby-186-27
"Sandboxie" = Sandboxie 3.54 (32-bit)
"Secure Eraser_is1" = Secure Eraser v3.1
"SopCast" = SopCast 3.3.2
"Steam App 240" = Counter-Strike: Source
"Steamless Counter Strike Source Pack" = Steamless Counter Strike Source Pack
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Super Bubble Blob" = Super Bubble Blob
"SWFPlayer_is1" = SWFPlayer 2.6.2.0
"SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1" = Euro-Fahrschule 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TextMaker Viewer" = TextMaker Viewer
"TmNationsForever_is1" = TmNationsForever
"Tunngle beta_is1" = Tunngle beta
"TVUPlayer" = TVUPlayer 2.5.3.1
"UT2004" = Unreal Tournament 2004
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinHugs" = WinHugs
"WinISD beta" = WinISD beta
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Struck" = Word Struck 1.01
"WordToPDF_is1" = WordToPDF 2.4
"World of Padman" = World of Padman
"World of Padman 1.5" = World of Padman 1.5
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"FileZilla Client" = FileZilla Client 3.2.8.1
"Move Media Player" = Move Media Player
"Skat-Online V8" = Skat-Online V8
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.08.2011 10:32:18 | Computer Name = MAXGA | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.
Error - 02.08.2011 16:56:09 | Computer Name = MAXGA | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 03.08.2011 01:08:58 | Computer Name = MAXGA | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 03.08.2011 10:10:55 | Computer Name = MAXGA | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen
werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene
Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information
ist DWORD 2.
Error - 03.08.2011 10:10:55 | Computer Name = MAXGA | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode
ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2.
Error - 04.08.2011 05:46:57 | Computer Name = MAXGA | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.08.2011 00:04:17 | Computer Name = MAXGA | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.08.2011 09:48:31 | Computer Name = MAXGA | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 06.08.2011 04:37:49 | Computer Name = MAXGA | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 06.08.2011 06:59:00 | Computer Name = MAXGA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.4182, fehlgeschlagenes
Modul icucnv36.dll, Version 3.6.0.0, Fehleradresse 0x000013df.
[ System Events ]
Error - 06.08.2011 07:12:00 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 06.08.2011 07:12:00 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 06.08.2011 07:12:00 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TunngleService" ist vom Dienst "DHCP-Client" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.08.2011 07:12:00 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Aavmker4 AFD AmdPPM aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 06.08.2011 07:13:44 | Computer Name = MAXGA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 06.08.2011 07:17:55 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7034
Description = Dienst "PinnacleUpdate Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 06.08.2011 07:20:43 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7034
Description = Dienst "PinnacleUpdate Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 06.08.2011 07:20:58 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7034
Description = Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 06.08.2011 07:30:41 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7034
Description = Dienst "PinnacleUpdate Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 06.08.2011 07:58:20 | Computer Name = MAXGA | Source = Service Control Manager | ID = 7034
Description = Dienst "PinnacleUpdate Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
< End of report >
. Sooo, viel Text, aber die abschließende Frage: Ist mein System sicher? Was muss ich noch tun? Danke schonmal! LG |
|
08.08.2011, 13:39
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundeskriminalamt VirusZitat:
 Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
|
08.08.2011, 16:30
| #3 |
| | Bundeskriminalamt Virus Guten Tag,
__________________danke schonmal für die kommende Hilfe! Hier der Log des Vollscans: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7409
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
08.08.2011 17:25:36
mbam-log-2011-08-08 (17-25-36).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 558226
Laufzeit: 52 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\Keeth\anwendungsdaten\Sun\Java\deployment\cache\6.0\16\42ff610-741af7bb (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programme\Visions\updater.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\programme\Visions\Visions.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{33e4a574-0e29-4982-a8b6-522430db5b24}\RP640\A0166173.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{33e4a574-0e29-4982-a8b6-522430db5b24}\RP641\A0167214.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{33e4a574-0e29-4982-a8b6-522430db5b24}\RP641\A0167252.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
e:\programme\perfect world entertainment\battle of the immortals\Bin\perfectprotector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.
Geändert von Tenori (08.08.2011 um 16:55 Uhr) |
|
09.08.2011, 09:02
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundeskriminalamt Virus Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..network.proxy.http: "68.199.83.207"
FF - prefs.js..network.proxy.http_port: 7212
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.20 17:30:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\Shell - "" = AutoRun
O33 - MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5d7d5331-2f14-11df-bafe-00241d2db1db}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O33 - MountPoints2\{b5d3d995-b03b-11de-86da-00241d2db1db}\Shell\AutoRun\command - "" = G:\menu.exe
O33 - MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun
O33 - MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun
O33 - MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun
O33 - MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\Shell - "" = AutoRun
O33 - MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\Shell - "" = AutoRun
O33 - MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dd77a425-4402-11e0-9a79-00ff01000001}\Shell\AutoRun\command - "" = G:\Menu.exe
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6152D44C
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.08.2011, 15:55
| #5 |
| | Bundeskriminalamt Virus Wurde gemacht Chef  Hier der Log: Code:
ATTFilter ========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr
Prefs.js: "68.199.83.207" removed from network.proxy.http
Prefs.js: 7212 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a679c60-8658-11de-863c-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a679c60-8658-11de-863c-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a679c60-8658-11de-863c-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a679c60-8658-11de-863c-00241d2db1db}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d7d5331-2f14-11df-bafe-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d7d5331-2f14-11df-bafe-00241d2db1db}\ not found.
File G:\Toshiba\more4you.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5d3d995-b03b-11de-86da-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5d3d995-b03b-11de-86da-00241d2db1db}\ not found.
File G:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d668-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d668-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d668-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d668-8436-11de-8638-00241d2db1db}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d669-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d669-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d669-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d669-8436-11de-8638-00241d2db1db}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d66a-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d66a-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d66a-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d66a-8436-11de-8638-00241d2db1db}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d66d-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d66d-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c416d66d-8436-11de-8638-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c416d66d-8436-11de-8638-00241d2db1db}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1b2cda2-86ae-11de-863d-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1b2cda2-86ae-11de-863d-00241d2db1db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1b2cda2-86ae-11de-863d-00241d2db1db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1b2cda2-86ae-11de-863d-00241d2db1db}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd77a425-4402-11e0-9a79-00ff01000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd77a425-4402-11e0-9a79-00ff01000001}\ not found.
File G:\Menu.exe not found.
Unable to delete ADS C:\WINDOWS\System32\zlib.dll:SummaryInformation .
Unable to delete ADS C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation .
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6152D44C deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 08092011_165333
Geändert von Tenori (09.08.2011 um 16:45 Uhr) |
|
09.08.2011, 18:17
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundeskriminalamt VirusZitat:
 Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> Bundeskriminalamt Virus |
|
09.08.2011, 18:51
| #7 |
| | Bundeskriminalamt Virus Erledigt: Code:
ATTFilter 2011/08/09 19:44:57.0265 1992 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/09 19:44:57.0453 1992 ================================================================================
2011/08/09 19:44:57.0453 1992 SystemInfo:
2011/08/09 19:44:57.0453 1992
2011/08/09 19:44:57.0453 1992 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/09 19:44:57.0453 1992 Product type: Workstation
2011/08/09 19:44:57.0453 1992 ComputerName: MAXGA
2011/08/09 19:44:57.0453 1992 UserName: Keeth
2011/08/09 19:44:57.0453 1992 Windows directory: C:\WINDOWS
2011/08/09 19:44:57.0453 1992 System windows directory: C:\WINDOWS
2011/08/09 19:44:57.0453 1992 Processor architecture: Intel x86
2011/08/09 19:44:57.0453 1992 Number of processors: 4
2011/08/09 19:44:57.0453 1992 Page size: 0x1000
2011/08/09 19:44:57.0453 1992 Boot type: Normal boot
2011/08/09 19:44:57.0453 1992 ================================================================================
2011/08/09 19:44:58.0359 1992 Initialize success
2011/08/09 19:45:04.0500 2596 ================================================================================
2011/08/09 19:45:04.0500 2596 Scan started
2011/08/09 19:45:04.0500 2596 Mode: Manual;
2011/08/09 19:45:04.0500 2596 ================================================================================
2011/08/09 19:45:04.0812 2596 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/09 19:45:04.0843 2596 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/09 19:45:04.0875 2596 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/09 19:45:04.0906 2596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/09 19:45:04.0921 2596 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
2011/08/09 19:45:04.0953 2596 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/09 19:45:05.0031 2596 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/09 19:45:05.0078 2596 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/08/09 19:45:05.0109 2596 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/09 19:45:05.0187 2596 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/09 19:45:05.0203 2596 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/09 19:45:05.0218 2596 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/09 19:45:05.0265 2596 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/09 19:45:05.0281 2596 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/09 19:45:05.0296 2596 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/09 19:45:05.0312 2596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/09 19:45:05.0312 2596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/09 19:45:05.0406 2596 ati2mtag (e43a7639be410b67059e48d3dd0ad405) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/09 19:45:05.0468 2596 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/09 19:45:05.0468 2596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/09 19:45:05.0500 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/09 19:45:05.0515 2596 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys
2011/08/09 19:45:05.0531 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/09 19:45:05.0562 2596 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2011/08/09 19:45:05.0593 2596 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/08/09 19:45:05.0640 2596 BtHidBus (ac2e61482a57ea50730f8c2679f37040) C:\WINDOWS\system32\Drivers\BtHidBus.sys
2011/08/09 19:45:05.0671 2596 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/08/09 19:45:05.0703 2596 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/08/09 19:45:05.0750 2596 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/08/09 19:45:05.0781 2596 btnetBUs (6783c5c81bfb640469468a80dfa1ccb3) C:\WINDOWS\system32\Drivers\btnetBus.sys
2011/08/09 19:45:05.0812 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/09 19:45:05.0828 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/09 19:45:05.0843 2596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/09 19:45:05.0843 2596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/09 19:45:05.0984 2596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/09 19:45:06.0031 2596 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/09 19:45:06.0062 2596 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/09 19:45:06.0093 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/09 19:45:06.0109 2596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/09 19:45:06.0140 2596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/09 19:45:06.0156 2596 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/08/09 19:45:06.0171 2596 ESLvnic1 (3f3126a8f73e92f8eb369d54977d9e15) C:\WINDOWS\system32\DRIVERS\ESLvnic.sys
2011/08/09 19:45:06.0187 2596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/09 19:45:06.0203 2596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/09 19:45:06.0218 2596 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/09 19:45:06.0218 2596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/09 19:45:06.0250 2596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/09 19:45:06.0265 2596 FreeBT (b905ff23100a5218a4087c36dc760548) C:\WINDOWS\system32\Drivers\fbtusb.sys
2011/08/09 19:45:06.0281 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/09 19:45:06.0296 2596 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/08/09 19:45:06.0312 2596 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/09 19:45:06.0328 2596 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/08/09 19:45:06.0359 2596 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
2011/08/09 19:45:06.0375 2596 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
2011/08/09 19:45:06.0718 2596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/09 19:45:06.0750 2596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/09 19:45:06.0781 2596 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/09 19:45:06.0812 2596 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/09 19:45:06.0859 2596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/09 19:45:06.0906 2596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/09 19:45:06.0937 2596 hwdatacard (07853191b1bdee5b39be4cfcfe3b9ad4) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/08/09 19:45:06.0984 2596 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/09 19:45:07.0000 2596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/09 19:45:07.0109 2596 IntcAzAudAddService (c472fc1d265346e9500095f88a0345f9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/09 19:45:07.0156 2596 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/09 19:45:07.0171 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/09 19:45:07.0171 2596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/09 19:45:07.0203 2596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/09 19:45:07.0218 2596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/09 19:45:07.0218 2596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/09 19:45:07.0234 2596 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/09 19:45:07.0265 2596 IvtBtBUs (01cbb39001afda1152f3fce15ab646ea) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
2011/08/09 19:45:07.0281 2596 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/09 19:45:07.0312 2596 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/09 19:45:07.0343 2596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/09 19:45:07.0343 2596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/09 19:45:07.0375 2596 libusb0 (05c10e70b437841f31e1bfa8812895ba) C:\WINDOWS\system32\drivers\libusb0.sys
2011/08/09 19:45:07.0421 2596 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/09 19:45:07.0453 2596 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/09 19:45:07.0484 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/09 19:45:07.0531 2596 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/09 19:45:07.0578 2596 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/09 19:45:07.0609 2596 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\WINDOWS\system32\DRIVERS\MijXfilt.sys
2011/08/09 19:45:07.0640 2596 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/09 19:45:07.0656 2596 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/09 19:45:07.0671 2596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/09 19:45:07.0687 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/09 19:45:07.0703 2596 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/09 19:45:07.0718 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/09 19:45:07.0734 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/09 19:45:07.0734 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/09 19:45:07.0750 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/09 19:45:07.0750 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/09 19:45:07.0781 2596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/09 19:45:07.0796 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/09 19:45:07.0812 2596 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/09 19:45:07.0812 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/09 19:45:07.0828 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/09 19:45:07.0843 2596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/09 19:45:07.0843 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/09 19:45:07.0875 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/09 19:45:07.0906 2596 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/09 19:45:07.0937 2596 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/08/09 19:45:07.0937 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/09 19:45:07.0968 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/09 19:45:08.0000 2596 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/08/09 19:45:08.0015 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/09 19:45:08.0031 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/09 19:45:08.0046 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/09 19:45:08.0062 2596 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/09 19:45:08.0093 2596 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/09 19:45:08.0093 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/09 19:45:08.0109 2596 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/09 19:45:08.0125 2596 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/09 19:45:08.0140 2596 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/09 19:45:08.0203 2596 PPJoyBus (89045b00bd36cfe3910e3cb6762c2db0) C:\WINDOWS\system32\drivers\PPJoyBus.sys
2011/08/09 19:45:08.0234 2596 PPortJoystick (f1228587245ad1db17f918d518d85bc1) C:\WINDOWS\system32\drivers\PPortJoy.sys
2011/08/09 19:45:08.0234 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/09 19:45:08.0250 2596 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/09 19:45:08.0265 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/09 19:45:08.0312 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/09 19:45:08.0328 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/09 19:45:08.0343 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/09 19:45:08.0359 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/09 19:45:08.0375 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/09 19:45:08.0406 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/09 19:45:08.0453 2596 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/09 19:45:08.0484 2596 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/09 19:45:08.0515 2596 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/08/09 19:45:08.0640 2596 RTHDMIAzAudService (3a5d16604e1744964e08432354c489a3) C:\WINDOWS\system32\drivers\RtKHDMI.sys
2011/08/09 19:45:08.0703 2596 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/09 19:45:08.0750 2596 SbieDrv (2b12749cc05f32d217735770d2eeabe3) C:\Programme\Sandboxie\SbieDrv.sys
2011/08/09 19:45:08.0781 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/09 19:45:08.0812 2596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/09 19:45:08.0812 2596 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/09 19:45:08.0828 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/09 19:45:08.0859 2596 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/08/09 19:45:08.0875 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/09 19:45:08.0921 2596 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/09 19:45:08.0921 2596 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/08/09 19:45:08.0937 2596 sptd - detected LockedFile.Multi.Generic (1)
2011/08/09 19:45:08.0953 2596 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/09 19:45:09.0000 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/09 19:45:09.0046 2596 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/08/09 19:45:09.0078 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/09 19:45:09.0109 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/09 19:45:09.0203 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/09 19:45:09.0218 2596 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys
2011/08/09 19:45:09.0250 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/09 19:45:09.0281 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/09 19:45:09.0296 2596 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
2011/08/09 19:45:09.0328 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/09 19:45:09.0343 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/09 19:45:09.0375 2596 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/08/09 19:45:09.0406 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/09 19:45:09.0437 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/09 19:45:09.0484 2596 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/09 19:45:09.0515 2596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/09 19:45:09.0531 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/09 19:45:09.0546 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/09 19:45:09.0562 2596 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/09 19:45:09.0593 2596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/09 19:45:09.0625 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/09 19:45:09.0656 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/09 19:45:09.0718 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/09 19:45:09.0765 2596 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/09 19:45:09.0796 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/09 19:45:09.0843 2596 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/09 19:45:09.0875 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/09 19:45:09.0906 2596 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/09 19:45:09.0921 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/09 19:45:09.0937 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/09 19:45:09.0968 2596 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/08/09 19:45:10.0000 2596 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/08/09 19:45:10.0109 2596 Boot (0x1200) (39312d93f68d74831ac0db2da8e532ee) \Device\Harddisk0\DR0\Partition0
2011/08/09 19:45:10.0125 2596 Boot (0x1200) (613a60a6b26d6ba6b411d6e230a66565) \Device\Harddisk0\DR0\Partition1
2011/08/09 19:45:10.0125 2596 ================================================================================
2011/08/09 19:45:10.0125 2596 Scan finished
2011/08/09 19:45:10.0125 2596 ================================================================================
2011/08/09 19:45:10.0140 2620 Detected object count: 1
2011/08/09 19:45:10.0140 2620 Actual detected object count: 1
2011/08/09 19:45:17.0453 2620 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/09 19:45:50.0718 0816 ================================================================================
2011/08/09 19:45:50.0718 0816 Scan started
2011/08/09 19:45:50.0718 0816 Mode: Manual;
2011/08/09 19:45:50.0718 0816 ================================================================================
2011/08/09 19:45:50.0921 0816 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/09 19:45:50.0968 0816 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/09 19:45:51.0000 0816 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/09 19:45:51.0031 0816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/09 19:45:51.0062 0816 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
2011/08/09 19:45:51.0093 0816 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/09 19:45:51.0218 0816 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/09 19:45:51.0250 0816 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/08/09 19:45:51.0296 0816 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/09 19:45:51.0328 0816 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/09 19:45:51.0328 0816 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/09 19:45:51.0359 0816 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/09 19:45:51.0390 0816 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/09 19:45:51.0406 0816 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/09 19:45:51.0406 0816 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/09 19:45:51.0421 0816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/09 19:45:51.0437 0816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/09 19:45:51.0593 0816 ati2mtag (e43a7639be410b67059e48d3dd0ad405) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/09 19:45:51.0656 0816 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/08/09 19:45:51.0656 0816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/09 19:45:51.0687 0816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/09 19:45:51.0718 0816 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys
2011/08/09 19:45:51.0734 0816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/09 19:45:51.0750 0816 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2011/08/09 19:45:51.0781 0816 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/08/09 19:45:51.0812 0816 BtHidBus (ac2e61482a57ea50730f8c2679f37040) C:\WINDOWS\system32\Drivers\BtHidBus.sys
2011/08/09 19:45:51.0828 0816 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/08/09 19:45:51.0875 0816 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/08/09 19:45:51.0890 0816 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/08/09 19:45:51.0921 0816 btnetBUs (6783c5c81bfb640469468a80dfa1ccb3) C:\WINDOWS\system32\Drivers\btnetBus.sys
2011/08/09 19:45:51.0937 0816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/09 19:45:51.0968 0816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/09 19:45:51.0984 0816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/09 19:45:52.0000 0816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/09 19:45:52.0125 0816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/09 19:45:52.0156 0816 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/09 19:45:52.0171 0816 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/09 19:45:52.0203 0816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/09 19:45:52.0218 0816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/09 19:45:52.0250 0816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/09 19:45:52.0265 0816 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/08/09 19:45:52.0281 0816 ESLvnic1 (3f3126a8f73e92f8eb369d54977d9e15) C:\WINDOWS\system32\DRIVERS\ESLvnic.sys
2011/08/09 19:45:52.0296 0816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/09 19:45:52.0312 0816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/09 19:45:52.0328 0816 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/09 19:45:52.0328 0816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/09 19:45:52.0359 0816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/09 19:45:52.0390 0816 FreeBT (b905ff23100a5218a4087c36dc760548) C:\WINDOWS\system32\Drivers\fbtusb.sys
2011/08/09 19:45:52.0421 0816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/09 19:45:52.0437 0816 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/08/09 19:45:52.0453 0816 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/09 19:45:52.0484 0816 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/08/09 19:45:52.0515 0816 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
2011/08/09 19:45:52.0546 0816 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
2011/08/09 19:45:52.0593 0816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/09 19:45:52.0609 0816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/09 19:45:52.0625 0816 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/09 19:45:52.0640 0816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/09 19:45:52.0656 0816 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/09 19:45:52.0687 0816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/09 19:45:52.0718 0816 hwdatacard (07853191b1bdee5b39be4cfcfe3b9ad4) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/08/09 19:45:52.0734 0816 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/09 19:45:52.0750 0816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/09 19:45:52.0859 0816 IntcAzAudAddService (c472fc1d265346e9500095f88a0345f9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/09 19:45:52.0921 0816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/09 19:45:52.0937 0816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/09 19:45:52.0968 0816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/09 19:45:52.0984 0816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/09 19:45:53.0015 0816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/09 19:45:53.0031 0816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/09 19:45:53.0062 0816 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/09 19:45:53.0093 0816 IvtBtBUs (01cbb39001afda1152f3fce15ab646ea) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
2011/08/09 19:45:53.0125 0816 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/09 19:45:53.0140 0816 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/09 19:45:53.0171 0816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/09 19:45:53.0203 0816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/09 19:45:53.0250 0816 libusb0 (05c10e70b437841f31e1bfa8812895ba) C:\WINDOWS\system32\drivers\libusb0.sys
2011/08/09 19:45:53.0296 0816 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/08/09 19:45:53.0312 0816 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/09 19:45:53.0328 0816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/09 19:45:53.0343 0816 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/09 19:45:53.0390 0816 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/09 19:45:53.0421 0816 MotioninJoyXFilter (61448ba3cca3063541437694a5527af2) C:\WINDOWS\system32\DRIVERS\MijXfilt.sys
2011/08/09 19:45:53.0437 0816 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/09 19:45:53.0437 0816 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/09 19:45:53.0437 0816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/09 19:45:53.0453 0816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/09 19:45:53.0484 0816 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/09 19:45:53.0500 0816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/09 19:45:53.0515 0816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/09 19:45:53.0546 0816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/09 19:45:53.0562 0816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/09 19:45:53.0593 0816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/09 19:45:53.0625 0816 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/09 19:45:53.0656 0816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/09 19:45:53.0671 0816 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/09 19:45:53.0687 0816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/09 19:45:53.0718 0816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/09 19:45:53.0750 0816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/09 19:45:53.0750 0816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/09 19:45:53.0781 0816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/09 19:45:53.0796 0816 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/09 19:45:53.0828 0816 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/08/09 19:45:53.0843 0816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/09 19:45:53.0859 0816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/09 19:45:53.0875 0816 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/08/09 19:45:53.0890 0816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/09 19:45:53.0906 0816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/09 19:45:53.0921 0816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/09 19:45:53.0937 0816 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/09 19:45:53.0953 0816 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/09 19:45:53.0968 0816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/09 19:45:53.0968 0816 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/09 19:45:53.0984 0816 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/09 19:45:54.0015 0816 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/09 19:45:54.0078 0816 PPJoyBus (89045b00bd36cfe3910e3cb6762c2db0) C:\WINDOWS\system32\drivers\PPJoyBus.sys
2011/08/09 19:45:54.0093 0816 PPortJoystick (f1228587245ad1db17f918d518d85bc1) C:\WINDOWS\system32\drivers\PPortJoy.sys
2011/08/09 19:45:54.0125 0816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/09 19:45:54.0140 0816 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/09 19:45:54.0156 0816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/09 19:45:54.0250 0816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/09 19:45:54.0281 0816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/09 19:45:54.0296 0816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/09 19:45:54.0312 0816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/09 19:45:54.0328 0816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/09 19:45:54.0328 0816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/09 19:45:54.0359 0816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/09 19:45:54.0390 0816 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/09 19:45:54.0406 0816 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/08/09 19:45:54.0484 0816 RTHDMIAzAudService (3a5d16604e1744964e08432354c489a3) C:\WINDOWS\system32\drivers\RtKHDMI.sys
2011/08/09 19:45:54.0531 0816 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/09 19:45:54.0578 0816 SbieDrv (2b12749cc05f32d217735770d2eeabe3) C:\Programme\Sandboxie\SbieDrv.sys
2011/08/09 19:45:54.0671 0816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/09 19:45:54.0765 0816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/09 19:45:54.0765 0816 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/09 19:45:54.0781 0816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/09 19:45:54.0812 0816 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/08/09 19:45:54.0843 0816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/09 19:45:54.0875 0816 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/09 19:45:54.0875 0816 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/08/09 19:45:54.0875 0816 sptd - detected LockedFile.Multi.Generic (1)
2011/08/09 19:45:54.0890 0816 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/09 19:45:54.0921 0816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/09 19:45:54.0953 0816 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/08/09 19:45:54.0968 0816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/09 19:45:54.0984 0816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/09 19:45:55.0031 0816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/09 19:45:55.0046 0816 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys
2011/08/09 19:45:55.0078 0816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/09 19:45:55.0109 0816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/09 19:45:55.0156 0816 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
2011/08/09 19:45:55.0187 0816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/09 19:45:55.0203 0816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/09 19:45:55.0250 0816 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/08/09 19:45:55.0312 0816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/09 19:45:55.0343 0816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/09 19:45:55.0375 0816 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/09 19:45:55.0390 0816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/09 19:45:55.0406 0816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/09 19:45:55.0437 0816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/09 19:45:55.0437 0816 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/09 19:45:55.0468 0816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/09 19:45:55.0500 0816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/09 19:45:55.0515 0816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/09 19:45:55.0546 0816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/09 19:45:55.0562 0816 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/09 19:45:55.0578 0816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/09 19:45:55.0593 0816 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/09 19:45:55.0640 0816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/09 19:45:55.0656 0816 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/09 19:45:55.0687 0816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/09 19:45:55.0703 0816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/09 19:45:55.0750 0816 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/08/09 19:45:55.0765 0816 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/08/09 19:45:55.0875 0816 Boot (0x1200) (39312d93f68d74831ac0db2da8e532ee) \Device\Harddisk0\DR0\Partition0
2011/08/09 19:45:55.0906 0816 Boot (0x1200) (613a60a6b26d6ba6b411d6e230a66565) \Device\Harddisk0\DR0\Partition1
2011/08/09 19:45:55.0921 0816 ================================================================================
2011/08/09 19:45:55.0921 0816 Scan finished
2011/08/09 19:45:55.0921 0816 ================================================================================
2011/08/09 19:45:55.0953 3720 Detected object count: 1
2011/08/09 19:45:55.0953 3720 Actual detected object count: 1
2011/08/09 19:46:09.0093 3720 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/08/09 19:46:09.0093 3720 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/08/09 19:46:09.0109 3720 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2011/08/09 19:46:09.0109 3720 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/08/09 19:46:21.0875 1576 Deinitialize success
|
|
09.08.2011, 19:31
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundeskriminalamt Virus Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
